
The Actuator - January 29th

Level 17

This week's Actuator comes to you from the suddenly mild January here in the Northeast. I'm taking advantage of the warm and dry days up here, spending time walking outdoors. Being outdoors is far better than the treadmill at the gym.

As always, here's a bunch of links from the internet I hope you will find useful. Enjoy!

Jeff Bezos hack: Amazon boss's phone 'hacked by Saudi crown prince'

I don't know where to begin. Maybe we can start with the idea that Bezos uses WhatsApp, an app known to be unsecured and owned by the unsecured Facebook. I'm starting to think he built a trillion-dollar company by accident, not because he's smart.

New Ransomware Process Leverages Native Windows Features

This is notable, but not new. Ransomware often uses resources available on the machine to do damage. For example, VB macros embedded in spreadsheets. I don't blame Microsoft for saying they won't provide security service for this, but it would be nice if they could hint at finding ways to identify and halt malicious activity.

London facial recognition: Metropolitan police announces new deployment of cameras

Last week the EU was talking about a five-year ban on facial recognition technology. Naturally, the U.K. decides to double down on their use of that same tech. I can't help but draw the conclusion this shows the deep divide between the U.K. and the EU.

Security Is an Availability Problem

I'm not certain, but I suspect many business decision-makers tend to think "that can't happen to us," and thus fail to plan for the day when it does happen to them.

Apple's dedication to 'a diversity of dongles' is polluting the planet

Words will never express my frustration with Apple for the "innovation" of removing a headphone jack and forcing me to buy additional hardware to continue to use my existing accessories.

Webex flaw allowed anyone to join private online meetings - no password required

The last thing I'm doing during the day is trying to join *more* meetings.

Play Dungeons & Deadlines

You might want to set aside some time for this one.

Walking through Forest Park this past Sunday, after a rainstorm the day before and the temperature so perfect to catch the steam coming off the trees.


34 Comments
Level 12

Haven't had a chance to read the articles yet, but awesome pic!

Level 13

Thanks for the links....and what an awesome pic!

Level 12

Dungeons and Deadlines... Thank you for giving me another time vampire!

Level 15

Nice photo. It's been a strangely warm winter in Michigan this year. Snow has melted completely a few times. Usually it sticks around for the full season.

Level 12

Apple's dedication to 'a diversity of dongles' is polluting the planet

This diversity of dongles has also bitten me in the past. I don't use i<Products> anymore which has reduced my angst.

Level 12

I got about 2 and a half minutes into Play Dungeons & Deadlines before getting sucked back into my real-life Dungeons & Deadlines.

Level 13

Thanks for the Articles

Level 14

Security article is right.... A good backup is everyone's friend.

MVP

A good full backup is cheap insurance....

MVP

Apple's cable/dongle issue is about marketing and residuals.

It forces the consumer to return to replace old broken interface cables/stuff and through planned obsolescence purchase more product.

Without that, a single purchase every few years is all they would get.  If you can get the consumer to constantly come back for a number of smaller items, it generates revenue, brand recognition, brand loyalty, and also is pointed at the demographic of those that have to have the latest and newest tech.

Level 13

Thanks for some more interesting links.  I started reading them yesterday and didn't make it back until today to say thanks.  Some good ones obviously.

The Bezos thing was one of the more surprising ones I've seen lately, given he is reputed to be somewhat geeky.  Mom always said be careful who you make friends with.....

Level 13

Great picture by the way.  If we had a place that looked like that near us I'd spend a lot of time there as well.

MVP

You know, I think you are right about Bezos!  I am sorry, I AM allowed a personal opinion, I have never been impressed by this man ... only by the fortune!  Not much common sense!!!

Level 15

Wish they would standardize on an inductive charger all small tech could take advantage of.

Apple's dedication to 'a diversity of dongles' is polluting the planet

Level 15

We have had 'Lurkers' join before. Never know who they were.

Webex flaw allowed anyone to join private online meetings - no password required

MVP

I will have to wait until I get home to look at dungeons and deadlines....McAfee blocks it.

Level 14

A cheap(ish) cable drives more phone sales....

Yup..... profits!

Level 14

The Brits doubling down on cameras and facial recognition can hardly be a surprise....

1. Another way to tell the EU to go away (clean version)

2. They were one of the pioneers of CCTV cities, think way back in the day during the IRA bombings....

MVP

The Bezos/Saudi prince thing sounds like a plot from a dodgy film

Nice article, thanks.

MVP

Nice article.

Level 11

As always, thanks for all the articles!  Nice photo.

MVP

This week's Actuator comes to you from the suddenly mild January here in the Northeast. I'm taking advantage of the warm and dry days up here, spending time walking outdoors. Being outdoors is far better than the treadmill at the gym. -

MVP

I just got to the article about Security is an Availability Problem.  I have a different take... not to tell on anyone... let's just say someone in charge of an organization was proud to say that they have Cybersecurity Insurance .. I could not hold my tongue, I blurted out "It is not worth the paper it is written on!"  You can't substitute for security...... I continue to get frustrated... I am unable to upgrade Server 2008 because my vendor does not have 2012 for sale... can we just put that server on the DMZ ...????  Ugh.. how about installing 2019 and downgrading ... I digress completely .. had to vent to my peeps!!!  We need to keep telling our employers that we have been hacked ... you have either been hacked and know it .. or you have been hacked and don't know.....

The recent surge after we killed the General in Iran did give me some leverage ... I am now blocking any Country that is attempting to hit our organization!!!

Thanks for the great stimulation sqlrockstar   I absolutely look forward to your posts!!! Can't wait to get to the rest of the stories!!!!

MVP

I knew I forgot something... I absolutely love your picture!

Level 12

thanks for the article

Hacked by a stranger's attached file, or via a link to an unsecure social media app?  Of course!  Why would anyone NOT suspect malfeasance and skullduggery when receiving such an item?

Everyone SHOULD (no-, MUST) suspect the worst and prepare their social media surfing along with their hardware and files and apps to be protected from this kind of problem.

Leveraging native Windows tools to create new local hacks--because why not?  Who would think to protect against Windows native solutions?

Almost everyone, that's who.  It's the ones who fall between the cracks, the ones who don't keep their systems protected / vaccinated, that help keep this sort of problem alive.

I question London's decisions about facial recognition software.  It's been reported to be unreliable.  San Francisco actually passed a law to ensure it would NOT be used (San Francisco just banned facial-recognition technology - CNN).

Wouldn't it be better to work at preventing the problem instead of reacting to it?

If you take away the reason for folks to behave badly against you or your government, there's probably less reason to want/need facial recognition software.

Maybe a person has more friends and happier neighbors if that person does nice things instead of offensive ones.

Great Britain and London, I'm not pointing the finger solely at you; don't feel defensive.  The U.S. and its current leader are plenty offensive to (seemingly) so many others.  I'd love it if we could get the plank out of our governmental eye before starting to point at folks who may have just a tiny speck of something in their eye.

Saying security is an availability problem doesn't seem to shine the spotlight where it belongs, IMHO.  OK, if someone hacks a web site and the site becomes unavailable, that's a symptom of a security problem.

It might also be thought of as a problem with availability of security, budget to install and promote and test security, and with education about secure practices.

But calling it an availability problem just doesn't sit right with me. Was the site's security unavailable?  Probably not; it was possibly available and present, but insufficient to the need, one way or another. 

Maybe we should think of security as an availability problem with regards to integrity and morals and honor.  If one or more of those is missing in a person or a group or a company or a nation, well, you have a recipe for bad behavior.  So the problem is that bad behavior and opportunities for it to hurt others are excessively available, while good security coming from good behavior/morals/integrity/honesty are NOT available.  At least, not available in the quantities and locations required for good security.

Yeah, this is all semantics.  I don't think one can call security an availability issue.

While I can understand someone's desire to eavesdrop on a meeting to which they were not invited, I have better things to do with my time.  And better integrity and morals and honor than to try it.

Regarding Dungeons and Deadlines, my company's security filter denied me access to that site because it is a gaming site.  I'm OK with that.

MVP

A new attack vector these days is to use an email address to send a link to a pdf on a google drive to your phone via SMS. 

Being it may appear to be a name instead of a phone number some may open it and click the link without being suspicious.

Being it came from an email address your phone can't block it as it can a number.  Makes it easy to

Stay diligent folks....

Level 8

Thanks for the write up.

About the Author
Thomas LaRock is a Head Geek at SolarWinds and a Microsoft® Certified Master, SQL Server® MVP, VMware® vExpert, and a Microsoft Certified Trainer. He has over 20 years of experience in the IT industry in roles including programmer, developer, analyst, and database administrator.